DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG-RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=42120>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=42120

Summary: Apache authentication doesn't properly handle parameters in URL matching
Product: Apache httpd-2
Version: 2.2.4
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P2
Component: mod_auth
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]

If a Location block is tagged as requiring auth. For example

    <Location /somewhere>
        AuthName "REalm"
        AuthType Basic
        AuthBasicProvider ldapProvider
        require valid-user
    </Location>

A hit to http://server/somewhere or http://server/somewhere/ will be challenged for authentication.

However http://server/somewhere;parameter=value will not be challenged.

I believe this is incorrect as per RFC 2396:

    3.3. Path Component

       The path component contains data, specific to the authority (or the
       scheme if there is no authority component), identifying the resource
       within the scope of that scheme and authority.

          path          = [ abs_path | opaque_part ]

          path_segments = segment *( "/" segment )
          segment       = *pchar *( ";" param )
          param         = *pchar

          pchar         = unreserved | escaped |
                          ":" | "@" | "&" | "=" | "+" | "$" | ","

       The path may consist of a sequence of path segments separated by a
       single slash "/" character.  Within a path segment, the characters
       "/", ";", "=", and "?" are reserved.  Each path segment may include a
       sequence of parameters, indicated by the semicolon ";" character.
       The parameters are not significant to the parsing of relative
       references.

The last sentence I believe is saying that the parameter is not significant in terms of the actual referenced path segment.
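
Added example, not part of the original report and not Apache code: a small audit that applies the RFC 2396 segment grammar quoted above to request paths (for instance, taken from an access log) and flags those that miss a protected Location prefix as sent but fall under it once ";param" suffixes are stripped. The function names, the sample paths and the simplified segment-boundary model of Location matching are assumptions made for illustration.

```python
from __future__ import annotations


def strip_segment_params(path: str) -> str:
    """Drop the RFC 2396 ';param' suffix from every path segment."""
    return "/".join(seg.split(";", 1)[0] for seg in path.split("/"))


def location_matches(prefix: str, path: str) -> bool:
    """Simplified model (assumption) of segment-boundary prefix matching:
    '/somewhere' covers '/somewhere', '/somewhere/' and '/somewhere/x',
    but not '/somewhereelse'."""
    prefix = prefix.rstrip("/")
    return path == prefix or path.startswith(prefix + "/")


def audit(protected: list[str], request_paths: list[str]) -> list[str]:
    """Return request paths that match no protected prefix as sent,
    but do match one after segment parameters are removed."""
    flagged = []
    for raw in request_paths:
        path = raw.split("?", 1)[0]  # the query string is not part of the path
        if any(location_matches(p, path) for p in protected):
            continue  # already covered by the auth configuration
        bare = strip_segment_params(path)
        if any(location_matches(p, bare) for p in protected):
            flagged.append(raw)
    return flagged


# Constructed sample input, using the prefix from the report.
PROTECTED = ["/somewhere"]
SAMPLE_PATHS = [
    "/somewhere",
    "/somewhere/",
    "/somewhere;parameter=value",
    "/somewhere/report;v=2",
    "/somewhereelse",
    "/public;x=1/somewhere",
]

if __name__ == "__main__":
    for hit in audit(PROTECTED, SAMPLE_PATHS):
        print("outside protected prefix as sent, inside after stripping:", hit)
```
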
